CAN-2005-2965: flexbackup <= 1.2.1 multiple vulnerabilities

Brought to you by: edwinh, jjreynold, john_r_graham, pholcomb

#25 CAN-2005-2965: flexbackup <= 1.2.1 multiple vulnerabilities

Status: open

Owner: nobody

Labels: None

Priority: 5

Updated: 2008-08-24

Created: 2008-08-24

Creator: John R. Graham

Private: No

See the following Gentoo Linux Bugzilla bugs for full details:
http://bugs.gentoo.org/show_bug.cgi?id=105000
http://bugs.gentoo.org/show_bug.cgi?id=116510

Summary: Possible symlink attack (race condition), and also possibility to create a untrusted script into the tmp_script (race condition).

Discussion

John R. Graham - 2008-08-24

Logged In: YES
user_id=1745635
Originator: YES

Patch #1 of 2. Addresses race condition but introduced some remote buffer test issues.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

John R. Graham - 2008-08-24

Logged In: YES
user_id=1745635
Originator: YES

Hmm. Can't attach the patch file. SourceForge issue? Will try later.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.